On Tue, 2009-03-31 at 10:42 -0500, Bruno Wolff III wrote:
On Tue, Mar 31, 2009 at 12:27:08 +0100,
Bill Crawford <billcrawford1970(a)gmail.com> wrote:
> On Monday 30 March 2009 20:12:45 Bruno Wolff III wrote:
>
> > CAs that charge extra in order to sign certs that have flag set to
> > indicate that they can sign other certs in subdomains should be boycotted.
>
> This is actually a rotten idea. If you need internal testing systems, or to
> dynamically create them as needed, or you want to run shared hosting using SSL
> (as we do for internal testing, since our application requires SSL enabled)
> then being able to sign your own sub-domains and / or have a wildcard are
> pretty much essential.
I was complaining about ripping people off by charging exhorbitant amounts
for signing keys, not that people / orgs shouldn't be able to get them.
Verisign does that to protect revenue, not for security reasons.
----
why does a dog lick themselves between the legs?
because they can. Everyone is free to choose to purchase certificates
from any well known certificate authority and it doesn't have to be
Verisign.
I don't know that they are exorbitant, I know that unless I am selling
something to the public and don't want to scare the bejeebus out of them
by offering a self-signed certificate, I'm not buying.
Craig
--
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.